I'm working on a project where we have to replace one BlackDiamond 10808 switch and NetScreen ISG1000 firewall. As you can imagine, these are pretty old devices, although they are solid and still working. So, we decided to look into Cisco as an Enterprise solution. The requirements that should be met are:
- Gigabit interfaces and firewall throughput (scalable to 10 G - optional)
- BGP with independent AS
- HA with possible second pair of devices in another datacenter
I have experience with Cisco's ISR routers but I think that a better solution in this case will be some ASR router probably. Also, the switchports from the BD switch are not part of the current scope. I'm looking for the routing aggregation and the firewalling at the moment.
Please advise, and thanks in advance!
The ASR series routers should work fine for what you need. The only thing is that these are routers and not so much firewalls. So, you can configure them with firewall policies, but I'm not sure about the speed (10G) you need if this is a hard requirement.
Here is the data sheet for all models:
Yes, ASR and ASA are a good combination. Always check the kind or amount of traffic you will be passing through to have a proper model.
Yes, it does. The routers will face the outside (Internet) and the firewalls can be installed right behind the routers. I would use the firewalls for NAT.